How many times have you sent an email to the wrong address?

If you mistyped it, and it bounces back from MAILER-DAEMON, no big deal.  (Inside joke – In my early days of Tech Support, I had an client asking me who the hell was “MAILER DAEMON”?)

If you worked in a Corporate environment who used Microsoft Exchange, you could simply retract it, or ask your SysAdmin to retract if for you.

But what if you sent it to a Gmail, Yahoo! or Hotmail user and that mistyped email address actually existed?

And what if that email contained confidential information?

You could ask support at Gmail, Yahoo! or Hotmail to retract it for you.

Good Luck.

Unless you have a subpoena or court order, again, good luck.  And by the time they do get it, the user would have opened the email anyways.

This is no joke, just like a CEO printing out a copy of the employee payroll and leaving it on the public print server.  Or worse, the lay-off sheet that ranked all the employees by “importance”.

Here’s a good story from The Register:

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address – along with a file containing confidential information for 1,325 other customers.

After a failed attempt to recall the email, the employee sent a second note to that wrong address, requesting that the confidential email be deleted before it was opened. There was no response, so the bank contacted Google to determine what could be done to ensure that the confidential info remained confidential. According to the court papers, Google would not provide information on the account unless it received a subpoena or "other appropriate legal process."

So the bank sued.

In a perfect world, all users would have PGP installed (or similar security technology) and unless you have the right public and private key combination, getting an email and/or zipped attachment would be secure.

The last thing you want is information in the wrong hands of people trying to make a fast buck.

We have enough horror stories out there.

UPDATE Sept 29, 2009: Google has resolved a lawsuit. See http://www.theregister.co.uk/2009/09/28/google_rocky_mountain_bank_suit_rollls_on/